forked from kubernetes/kubernetes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
user.go
103 lines (89 loc) · 3.04 KB
/
user.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
// Copyright 2011 Google Inc. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
// Package user provides a client for App Engine's user authentication service.
package user
import (
"strings"
"github.com/golang/protobuf/proto"
"google.golang.org/appengine"
"google.golang.org/appengine/internal"
pb "google.golang.org/appengine/internal/user"
)
// User represents a user of the application.
type User struct {
Email string
AuthDomain string
Admin bool
// ID is the unique permanent ID of the user.
// It is populated if the Email is associated
// with a Google account, or empty otherwise.
ID string
FederatedIdentity string
FederatedProvider string
}
// String returns a displayable name for the user.
func (u *User) String() string {
if u.AuthDomain != "" && strings.HasSuffix(u.Email, "@"+u.AuthDomain) {
return u.Email[:len(u.Email)-len("@"+u.AuthDomain)]
}
if u.FederatedIdentity != "" {
return u.FederatedIdentity
}
return u.Email
}
// LoginURL returns a URL that, when visited, prompts the user to sign in,
// then redirects the user to the URL specified by dest.
func LoginURL(c appengine.Context, dest string) (string, error) {
return LoginURLFederated(c, dest, "")
}
// LoginURLFederated is like LoginURL but accepts a user's OpenID identifier.
func LoginURLFederated(c appengine.Context, dest, identity string) (string, error) {
req := &pb.CreateLoginURLRequest{
DestinationUrl: proto.String(dest),
}
if identity != "" {
req.FederatedIdentity = proto.String(identity)
}
res := &pb.CreateLoginURLResponse{}
if err := c.Call("user", "CreateLoginURL", req, res, nil); err != nil {
return "", err
}
return *res.LoginUrl, nil
}
// LogoutURL returns a URL that, when visited, signs the user out,
// then redirects the user to the URL specified by dest.
func LogoutURL(c appengine.Context, dest string) (string, error) {
req := &pb.CreateLogoutURLRequest{
DestinationUrl: proto.String(dest),
}
res := &pb.CreateLogoutURLResponse{}
if err := c.Call("user", "CreateLogoutURL", req, res, nil); err != nil {
return "", err
}
return *res.LogoutUrl, nil
}
// Current returns the currently logged-in user,
// or nil if the user is not signed in.
func Current(c appengine.Context) *User {
u := &User{
Email: internal.VirtAPI(c, "user:Email"),
AuthDomain: internal.VirtAPI(c, "user:AuthDomain"),
ID: internal.VirtAPI(c, "user:ID"),
Admin: internal.VirtAPI(c, "user:IsAdmin") == "1",
FederatedIdentity: internal.VirtAPI(c, "user:FederatedIdentity"),
FederatedProvider: internal.VirtAPI(c, "user:FederatedProvider"),
}
if u.Email == "" && u.FederatedIdentity == "" {
return nil
}
return u
}
// IsAdmin returns true if the current user is signed in and
// is currently registered as an administrator of the application.
func IsAdmin(c appengine.Context) bool {
return internal.VirtAPI(c, "user:IsAdmin") == "1"
}
func init() {
internal.RegisterErrorCodeMap("user", pb.UserServiceError_ErrorCode_name)
}